[cfe-commits] r46846 - /cfe/trunk/Analysis/GRConstants.cpp
Ted Kremenek
kremenek at apple.com
Wed Feb 6 22:04:19 PST 2008
Author: kremenek
Date: Thu Feb 7 00:04:18 2008
New Revision: 46846
URL: http://llvm.org/viewvc/llvm-project?rev=46846&view=rev
Log:
Added support to distinguish between both implicit and explicit null dereferences.
Modified:
cfe/trunk/Analysis/GRConstants.cpp
Modified: cfe/trunk/Analysis/GRConstants.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/Analysis/GRConstants.cpp?rev=46846&r1=46845&r2=46846&view=diff
==============================================================================
--- cfe/trunk/Analysis/GRConstants.cpp (original)
+++ cfe/trunk/Analysis/GRConstants.cpp Thu Feb 7 00:04:18 2008
@@ -126,8 +126,9 @@
/// ImplicitNullDeref - Nodes in the ExplodedGraph that result from
/// taking a dereference on a symbolic pointer that may be NULL.
- typedef llvm::SmallPtrSet<NodeTy*,5> ImplicitNullDerefTy;
- ImplicitNullDerefTy ImplicitNullDeref;
+ typedef llvm::SmallPtrSet<NodeTy*,5> NullDerefTy;
+ NullDerefTy ImplicitNullDeref;
+ NullDerefTy ExplicitNullDeref;
bool StateCleaned;
@@ -172,6 +173,11 @@
bool isImplicitNullDeref(const NodeTy* N) const {
return N->isSink() && ImplicitNullDeref.count(const_cast<NodeTy*>(N)) != 0;
}
+
+ bool isExplicitNullDeref(const NodeTy* N) const {
+ return N->isSink() && ExplicitNullDeref.count(const_cast<NodeTy*>(N)) != 0;
+ }
+
/// ProcessStmt - Called by GREngine. Used to generate new successor
/// nodes by processing the 'effects' of a block-level statement.
@@ -249,7 +255,8 @@
StateTy AssumeSymInt(StateTy St, bool Assumption, const SymIntConstraint& C,
bool& isFeasible);
- NodeTy* Nodify(NodeSet& Dst, Stmt* S, NodeTy* Pred, StateTy St);
+ NodeTy* Nodify(NodeSet& Dst, Stmt* S, NodeTy* Pred, StateTy St,
+ bool AlwaysMakeNode = false);
/// Nodify - This version of Nodify is used to batch process a set of states.
/// The states are not guaranteed to be unique.
@@ -570,10 +577,11 @@
}
GRConstants::NodeTy*
-GRConstants::Nodify(NodeSet& Dst, Stmt* S, NodeTy* Pred, StateTy St) {
+GRConstants::Nodify(NodeSet& Dst, Stmt* S, NodeTy* Pred, StateTy St,
+ bool AlwaysMakeNode) {
// If the state hasn't changed, don't generate a new node.
- if (St == Pred->getState())
+ if (!AlwaysMakeNode && St == Pred->getState())
return NULL;
NodeTy* N = Builder->generateNode(S, St, Pred);
@@ -777,28 +785,34 @@
//
// We add these assumptions.
- bool isFeasible;
+ bool isFeasibleNotNull;
+
+ // "Assume" that the pointer is Not-NULL.
+ StateTy StNotNull = Assume(St, L1, true, isFeasibleNotNull);
+
+ if (isFeasibleNotNull) {
+ QualType T = U->getType();
+ Nodify(Dst, U, N1, SetValue(StNotNull, U,
+ GetValue(StNotNull, L1, &T)));
+ }
+
+ bool isFeasibleNull;
// "Assume" that the pointer is NULL.
- StateTy StNull = Assume(St, L1, false, isFeasible);
+ StateTy StNull = Assume(St, L1, false, isFeasibleNull);
- if (isFeasible) {
- NodeTy* NullNode = Nodify(Dst, U, N1, StNull);
+ if (isFeasibleNull) {
+ NodeTy* NullNode = Nodify(Dst, U, N1, StNull, true);
if (NullNode) {
NullNode->markAsSink();
- ImplicitNullDeref.insert(NullNode);
+
+ if (isFeasibleNotNull)
+ ImplicitNullDeref.insert(NullNode);
+ else
+ ExplicitNullDeref.insert(NullNode);
}
}
- // "Assume" that the pointer is Not-NULL.
- StateTy StNotNull = Assume(St, L1, true, isFeasible);
-
- if (isFeasible) {
- QualType T = U->getType();
- Nodify(Dst, U, N1, SetValue(StNotNull, U,
- GetValue(StNotNull, L1, &T)));
- }
-
break;
}
@@ -1254,6 +1268,9 @@
if (GraphPrintCheckerState->isImplicitNullDeref(N)) {
Out << "\\|Implicit-Null Dereference.\\l";
}
+ else if (GraphPrintCheckerState->isExplicitNullDeref(N)) {
+ Out << "\\|Explicit-Null Dereference.\\l";
+ }
break;
}
More information about the cfe-commits
mailing list